Risk Management 101
Risk management is one of the core pillars of running a business.
However, a recent proximity to a risk incident with one of our large entities revealed that risk management maturity and its practices needs reinforcement to some degree in our organisation.
The incident pertains to a delay in an output expected at midday with a sensitive timeline, or there would simply be an avoidable chain reaction. However, due to an alleged theft incident, an output could not be generated.
It took hours before an environment was restored and secured again to generate the standard outputs and clear the pipeline.
Employees were working around the clock to mitigate the impact to customers and manoeuvring internally to avoid the risk falling into a national crisis. Panic was in the air at close of business, and eventually there were calls at night with a breakthrough.
Albeit such incidents are inherent in day-to-day business operations, the activity that created exposure in the first place can be reduced or avoided altogether by mapping it at the risk assessment process stage.
This essentially means the environment was vulnerable, and given a high-risk profile by the very nature of business, ordinarily it should constitute water-tight risk management processes.
This prompted two issues: firstly, the culture of risk management, and whether risk assessment is receiving the priority it deserves in the organisation’s agenda.
Secondly, the maturity level of the risk management ideally into enterprise risk management, and the extent to which traditional risk management is still in practice, which tends to focus only on insured risks.
Risk management is guided by various principles, with corporate governance being the driver. According to Data economies, there are many various types of risks which could hamper a business. One such risk is financial risk, which tends to be the focus of many enterprises.
However, financial losses is only one of the many risks an organisation can be confronted with.
There are also strategic risks, which pertain to external risks that have the potential to alter the long-term objectives of the business. Similarly, compliance risks which also tend to be central to ethics of the business to avoid legal consequences, and by extension financial. Companies are encouraged to consider value-based ethical programmes to cease risk-creating business activities altogether.
Operational risks similar to the recent incident with one of the large local entities may result from internal processes and systems, amongst other factors. There are also reputational risks such as negative media coverage, coupled with community policing on social medi,a which may influence the image of the company from stakeholders’ lenses and damage the brand reputation.
Lastly, health and safety risks, which at the advent of the COVID-19 pandemic threatened business continuity, and ultimately ushered businesses into adapting technology more rapidly as an enterprise risk management
African Business reported that Risk forms a broad spectrum of concerns, point in case being the banking crisis of 2008 which led to an emphasis on credit risk.
Yet, operational risk arising fromaninadequatelyfunctioning business is relatively overlooked, according to surveys.
This implies operational risk is understated, and calls for a risk management strategy which guides the company on how to respond to all types of risk incidents that could be envisaged, including force majeure.
Though one may never 100% cater for all eventualities, risk management processes are a necessity.
In Namibia, quiet a number of entities have made strides by adopting various governance frameworks, including Namcode, which encourages risk management strategies and risk-based monitoring.
Ultimately, risk management policies set the tone for risk management in the company, and therefore an implementation framework should be integrated in the strategy.
Namcode recommended elevating risk governance, defining limits on risk appetite and the levels of risk tolerance regularly, and most importantly, assigning dedicated resources to implement risk management processes.
It is pertinent for organisations to continuously evaluate risk management expectations, and regularly carry out risk assessments holistically whilst adopting routine monitoring in providing risk assurance for the business.
*The opinions expressed in the article at that of the author alone, and are in no way linked to any affiliates.